Electronic networks allow users remote access to electronic resources. For example, a user may access a virtual private network (VPN) in order to conduct a work session using data stored on a server at work from a computer at his or her home. Typically, the user authenticates to the VPN in order to demonstrate that the user is the person he or she purports to be.
One risk of allowing users remote access to electronic resources is that an imposter may misappropriate a user's login in order to fraudulently gain access to the electronic resources. In order to detect such malicious activity, tools such as User Behavior Analytics (UBA) identify anomalous behavior on electronic networks. Such behavior is described by any number of behavioral factors (e.g., VPN session length, source IP address, etc.). For example, consider a user who has a history of VPN sessions that last between 30 minutes and 2 hours. If this user suddenly connects to the VPN in sessions lasting less than 5 minutes or greater than 6 hours, then a UBA system may flag such behavior as anomalous and send an alert to an administrator. The administrator may then investigate the sessions to determine whether remedial action is needed.